Common Additional Security Roles

There are a few cases which we have seen that result in new security roles which are fairly similar across our clients. We've outlined these below.

The Individual Security Role

Many campuses, units, or faculty have the need for proxy users. Giving one person access to your account so they can update your data and run reports on your behalf is handled in part by our default roles of Department and College. If a proxy user should only have access to specific individuals, however, and not entire units, we recommend creating an Individual security role.

This role grants one user access to perform certain functions for another specific user. The supported permissions for an Individual security role are:
  • Manage Data: Proxy
  • Run Ad Hoc Reports
  • Run Custom Reports
  • Change Your Password

You can assign a user to the Individual security role for as many users as needed. This scope for a security role can be helpful in many use cases. Perhaps a user or a group of users needs to enter data on behalf of specific faculty members, or perhaps a user needs access to a custom report – like a Promotion and Tenure report; only for users who have reviews pending.

To request this type of security role, submit a General work request. Unless you specify otherwise, this role will be set up with the Manage Data: Proxy permission and Run Custom Reports with access to the same reports as the Faculty security role.

College or Department Proxy Security Role

You may encounter cases where faculty hire assistants to enter the bulk of their activities into the system. In such cases you need to give that assistant access to manage data for that faculty member, but ensure that this person does not receive the ability to see hidden fields and edit read-only fields. To accomplish this you can give this person a Proxy security role.
 
This role grants one user access to perform certain functions for another specific user. You can assign a user to the Proxy security role for as many users as needed.
 
The supported permissions for a Proxy security role are:
  • Manage Data: Proxy
  • Run Ad Hoc Reports
  • Run Custom Reports
  • Change Your Password

Most commonly a Proxy security role needs just the Manage Data: Proxy permission so a user can enter data on behalf of specific faculty members. Proxy users may also need report access, though, if their responsibilities involve proofing how data will display in reports, or actually running reports - like a Vita - for specific faculty members.
 
To request this type of security role, submit a General work request. Unless you specify otherwise, this role will be set up as a copy of the Faculty security role, with the additional of Manage Data: Proxy

Department Users and Security

We have often found ourselves creating security roles at the Department level, with just the Users and Security permission. To understand why this type of role would be used, we need to first explain how Faculty Success handles College and Department values in a University instrument. Ultimately, unless you customize this - which we don't recommend - we maintain college and department lists independently. The association between these two values comes through the users assigned to each college and department. To restate this, the association is only in your data - it is not between the fields, or the values themselves.

This means that assigning a user to a college-level role gives them access to all the permissions within the role for the college selected. The departments which reside within that college are not handled or included as part of this role.

In most cases, this works exactly as you need it to. Since you are using Manage Data for a college's users, or running reports on a specific college - and drilling down based on the users' department assignments, you don't notice that you don't have permissions for specific departments. Where this does become an issue, however, is in Users and Security itself. With a college-level security role, you can assign the following scopes of security roles:

  • College
  • Self
  • Individual

Department is conspicuously missing from this list. In order to assign department-level security roles, a user needs to have Users and Security for the department(s) they should be able to assign. In order to meet this need, we create Department Users and Security roles with just the Users and Security permission.

If you have added fields which we've configured to be available as a scope for security roles, you may need additional Users and Security only roles. To put these in place, simply submit a General work request identifying the scope at which the role should be created.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more
How to Contact Support
Click here to submit a ticket for the Support Team.
Watermark Academy
Click to access the Watermark Academy for free webinars, workshops, certifications, and free on-demand training